Android Exploits & Vulnerabilities from CISA
Tags:
This list highlights the latest CISA catalogue entries of Known Exploited Vulnerabilities from Android and Android products in 2022-2023.
Product | Vulnerability Name | Date Added | Short Description | Required Action | Due Date | Detail Link |
Framework | Android Framework Privilege Escalation Vulnerability | 2023-09-13 | Android Framework contains an unspecified vulnerability that allows for privilege escalation. | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | 2023-10-04 | CVE-2023-35674 |
Mobile Devices | Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability | 2023-05-19 | Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass. | Apply updates per vendor instructions. | 2023-06-09 | CVE-2023-21492 |
Chrome | Google Chrome Skia Integer Overflow Vulnerability | 2023-04-21 | Google Chrome Skia contains an integer overflow vulnerability. Specific impacts from exploitation are not available at this time. This vulnerability resides in Skia which serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and other products. | Apply updates per vendor instructions. | 2023-05-12 | CVE-2023-2136 |
Framework | Android Framework Privilege Escalation Vulnerability | 2023-04-13 | Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed. | Apply updates per vendor instructions. | 2023-05-04 | CVE-2023-20963 |
Android OS | Android OS Privilege Escalation Vulnerability | 2022-09-08 | The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor. | Apply updates per vendor instructions. | 2022-09-29 | CVE-2011-1823 |
Kernel | Android Kernel Use-After-Free Vulnerability | 2022-05-23 | Android kernel contains a use-after-free vulnerability that allows for privilege escalation. | Apply updates per vendor instructions. | 2022-06-13 | CVE-2021-1048 |
Kernel | Android Kernel Race Condition Vulnerability | 2022-05-23 | Android kernel contains a race condition, which allows for a use-after-free vulnerability. Exploitation can allow for privilege escalation. | Apply updates per vendor instructions. | 2022-06-13 | CVE-2021-0920 |